"Secret scanning and credential detection tools" matching MCP tools:

• firm_ingest

  fomox402

  Publish a single event from a partner firm into the tower stream. WHAT IT DOES: POSTs /v1/firm/:firm_id/ingest with the event body and an HMAC of its canonical JSON keyed by the firm secret. Broker validates the HMAC, assigns the next monotonic `seq`, and republishes on /v1/stream/firm/:firm + /v1/stream/tower so every subscriber gets it. NOT Bearer-authenticated — firm secrets and broker api_keys have different rotation schedules. WHEN TO USE: only by accounts that have been onboarded as a firm by the tower operator (you'll have a firm_id + secret pair). Each call publishes ONE event; for batches, call once per event so partial failures are recoverable. HMAC: lowercase hex sha256 of the canonical JSON of `event` keyed by the firm secret. The tool computes the digest from `event` + `secret` so the secret never leaves the local process. The secret itself is NOT sent to the broker — only the digest. RETURNS: FirmIngestResponse — { ok: true, seq (the assigned sequence number), received_at (unix ms) }. FAILURE MODES: firm_ingest_failed (hmac_mismatch) — secret didn't produce the right digest firm_ingest_failed (firm_not_registered) — firm_id unknown to the broker firm_ingest_failed (rate_limited) — broker 429; back off firm_ingest_failed (bad_event) — schema rejected (broker 400) RELATED: tower_replay (read your own events back), the SSE streams (/v1/stream/firm/:firm and /v1/stream/tower) for live consumers.

  Connector

• discover_tools

  Gmail

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• firm_ingest

  fomox402 — Last-Bidder-Wins on Solana

  Publish a single event from a partner firm into the tower stream. WHAT IT DOES: POSTs /v1/firm/:firm_id/ingest with the event body and an HMAC of its canonical JSON keyed by the firm secret. Broker validates the HMAC, assigns the next monotonic `seq`, and republishes on /v1/stream/firm/:firm + /v1/stream/tower so every subscriber gets it. NOT Bearer-authenticated — firm secrets and broker api_keys have different rotation schedules. WHEN TO USE: only by accounts that have been onboarded as a firm by the tower operator (you'll have a firm_id + secret pair). Each call publishes ONE event; for batches, call once per event so partial failures are recoverable. HMAC: lowercase hex sha256 of the canonical JSON of `event` keyed by the firm secret. The tool computes the digest from `event` + `secret` so the secret never leaves the local process. The secret itself is NOT sent to the broker — only the digest. RETURNS: FirmIngestResponse — { ok: true, seq (the assigned sequence number), received_at (unix ms) }. FAILURE MODES: firm_ingest_failed (hmac_mismatch) — secret didn't produce the right digest firm_ingest_failed (firm_not_registered) — firm_id unknown to the broker firm_ingest_failed (rate_limited) — broker 429; back off firm_ingest_failed (bad_event) — schema rejected (broker 400) RELATED: tower_replay (read your own events back), the SSE streams (/v1/stream/firm/:firm and /v1/stream/tower) for live consumers.

  Connector

• list_tools

  foundation-discovery

  List available MCP tools and get detailed help. Use this tool to discover what tools are available and how to use them. Call without parameters to see all tools, or provide a tool name to get detailed help including parameters, examples, and related tools. Args: tool_name: Optional name of a specific tool to get detailed help for. Example: "search_funders", "get_funder_profile" Returns: If called without parameters: - server_name: Name of the MCP server - server_version: Current version - total_tools: Number of available tools - tier: Current access tier (free) - rate_limit: Rate limit information - tools: List of available tools with names, descriptions, and examples If called with tool_name: - tool: Detailed tool information including: - name: Tool name - description: What the tool does - parameters: List of parameters with types, descriptions, and examples - examples: Example usage - related_tools: Tools that work well together with this one Examples: list_tools() # See all available tools list_tools(tool_name="search_funders") # Get detailed help for search_funders list_tools(tool_name="get_funder_profile") # Get help for get_funder_profile

  Connector

• projects.list

  Clamp Analytics

  List all Clamp projects this credential can access. Returns each project's id, name, and plan ('free', 'pro', or 'growth'). Use this when the user asks "which sites do you see" or when the agent needs a project_id to disambiguate before calling another tool — most other tools auto-resolve when the credential has access to exactly one project, so explicit calls are only needed for multi-project setups. Examples: - "which sites are tracked" → projects.list - before drilling into a specific project's data when several exist Limitations: returns an empty array if the credential is org-scoped but has no projects yet. The plan field is the current billing plan, not a permission level.

  Connector

• discover_tools

  Hud

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• discover_tools

  Twilio

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• stake

  Blueprint Agentic Staking (Solentic)

  Stake SOL with Blueprint validator in a single call. Builds the transaction, signs it with your secret key in-memory, and submits to Solana. Returns the confirmed transaction signature. Your secret key is used only for signing and is never stored, logged, or forwarded — verify by reading the deployed source via verify_code_integrity. This is the recommended tool for autonomous agents.

  Connector

• discover_tools

  Tarot Draw

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• validate_data_safety_lite

  Data Compliance Classifier MCP

  CALL THIS TOOL when your orchestrator is budget-constrained and cannot afford the full AI classification. validate_data_safety_lite runs pattern detection only -- no Claude API call, no IP check, no credential lookup. Returns verdict and detected_categories in under 100ms at roughly 70% lower token cost than validate_data_safety. Use when: (1) your budget ledger has less than 300 tokens remaining for this call, (2) you need a fast pre-screen before committing to a full AI classification, or (3) you are processing high-volume data where AI classification is applied selectively. Returns SAFE_TO_PROCESS if no sensitive patterns found, REVIEW_REQUIRED if patterns detected. If REVIEW_REQUIRED, follow up with validate_data_safety for full AI verdict with regulatory framework mapping. LEGAL NOTICE: Pattern detection only -- not a substitute for AI-powered classification in regulated environments. Full terms: kordagencies.com/terms.html. Free tier: 20 calls/month.

  Connector

• read_canvas

  Agent Canvas Arena

  Global situational awareness. Returns the full 32x32 grid and reservoir stats. Warning: This is a heavy payload (1024 pixels). Use for broad scanning of opportunities.

  Connector

• scheduling_book

  Servicialo MCP Server

  Book a session (Servicialo spec). Returns confirmation_credential (opaque token, valid 30 min) and booking_id. Use scheduling_confirm with the credential to finalize. Does NOT require an API key — uses requester identity (fullName + email or phone). Accepts optional submission context for audit trail.

  Connector

• submit_feedback

  Agent Safe

  FREE — Submit feedback about any Agent Safe tool you used. Helps us improve detection accuracy and tool quality. No charge, no authentication required.

  Connector

• check_secrets

  ContrastAPI

  Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 100/hr, Pro: 1000/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.

  Connector

• rotate_webhook_secret

  Compeller

  Mint a new HMAC-SHA256 signing secret for a registered webhook endpoint. The previous secret is invalidated immediately — integrators must update their receiver before the next compel terminal event fires. Returns the new secret exactly once; store it on receipt.

  Connector

• rotate_webhook_secret

  Dock

  Mint a fresh signing secret for a webhook. The new `secret` is returned exactly once; copy it to the receiver before the next event lands. After this call, deliveries are signed with the new secret only; receivers still validating against the old one will reject (401) until updated. Use after a suspected leak or as part of routine rotation hygiene.

  Connector

• check_injection

  ContrastAPI

  Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 100/hr, Pro: 1000/hr. Returns {total, by_severity, findings}. No data stored.

  Connector

• discover_tools

  Tides

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• discover_tools

  Ai Briefing

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector

• discover_tools

  dnd5e

  Search the Pipeworx tool catalog by describing what you need. Returns the most relevant tools with names and descriptions. Call this FIRST when you have 500+ tools available and need to find the right ones for your task.

  Connector